General
-
Target
32d1420e056218db14c3783bff16550c14b731076a1d9f4521c76fbbc04020d6
-
Size
128KB
-
Sample
240630-rpy1maygre
-
MD5
79ac6087b0163ae9e16f3af636cf17b7
-
SHA1
6d9ece917ae5acca5e71df8fd95c39833de1cc5c
-
SHA256
32d1420e056218db14c3783bff16550c14b731076a1d9f4521c76fbbc04020d6
-
SHA512
c972236b8fa97c89af89f75160a8d32f328f898787ab44944bc3136398bdb566d69f1fb4345928011763483d30a5868b91b43d188126b6f5ff1186f61f6793f9
-
SSDEEP
3072:FftffjmNAftffjmNDq8wj54MOiy5j8ZhU5/A9JU1t/sp5e8gqq:FVfjmNAVfjmNO8wj54Ma5we/AkMLgqq
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
32d1420e056218db14c3783bff16550c14b731076a1d9f4521c76fbbc04020d6
-
Size
128KB
-
MD5
79ac6087b0163ae9e16f3af636cf17b7
-
SHA1
6d9ece917ae5acca5e71df8fd95c39833de1cc5c
-
SHA256
32d1420e056218db14c3783bff16550c14b731076a1d9f4521c76fbbc04020d6
-
SHA512
c972236b8fa97c89af89f75160a8d32f328f898787ab44944bc3136398bdb566d69f1fb4345928011763483d30a5868b91b43d188126b6f5ff1186f61f6793f9
-
SSDEEP
3072:FftffjmNAftffjmNDq8wj54MOiy5j8ZhU5/A9JU1t/sp5e8gqq:FVfjmNAVfjmNO8wj54Ma5we/AkMLgqq
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1